An independent cybersecurity review across many of Pennsylvania’s largest accounting firms reveals a wide range of results. Firms that prepare returns hold extremely sensitive taxpayer data, yet many show significant gaps in basic email authentication.
Using data from audit.emailmenow.com, we evaluated each firm’s domain across SPF, DKIM, DMARC, transport security (MTA-STS/TLS), and website security headers.
Cybersecurity Scores of Major Pennsylvania Accounting Firms
Overall compliance scores from audit.emailmenow.com. Re-run any domain at the link to verify.
| Rank | Firm | Domain | Overall Score | Performance Level |
|---|---|---|---|---|
| 1 | Maillie LLP | maillie.com | 70% | Strong |
| 2 | Schneider Downs | schneiderdowns.com | 66% | Good |
| 3 | Herbein + Company | herbein.com | 64% | Good |
| 3 | Kreischer Miller | kmco.com | 64% | Good |
| 3 | Sisterson & Co. | sisterson.com | 64% | Good |
| 6 | Trout CPA | troutcpa.com | 60% | Above Average |
| 7 | McKonly & Asbury | macpas.com | 58% | Average |
| 8 | Brown Plus | brownplus.com | 54% | Average |
| 8 | Boyer & Ritter | boyercpa.com | 54% | Average |
| 10 | RKL | rklcpa.com | 51% | Below Average |
| 11 | Isdaner & Company | isdanerllc.com | 44% | Weak |
What the Results Reveal
- Scores range from 70% (Maillie) down to 44% — Maillie is the only Pennsylvania firm to reach a strong posture, with a cluster of well-known firms at 64%.
- The middle and lower pack show enforced DMARC (
p=reject), strict SPF, and transport protections are widely incomplete, despite the taxpayer data these firms hold. - Weak email authentication fuels the tax-season phishing and client-payment fraud that increasingly target CPA firms.
Why This Matters for Accounting Firms
The IRS (Publication 4557) requires every tax professional to maintain a written information security plan (WISP) to keep a PTIN, and the FTC Safeguards Rule backs it with civil penalties. Tax season is also peak phishing season for tax pros.
Check any firm’s posture at audit.emailmenow.com/?industry=cpa-firms.
See also — national audit
- Major U.S. CPA Firms (national)
- Major U.S. Tax Preparers (national)
- National Payroll Providers (national)
Recommendations
- Enforce DMARC (
p=reject), strict SPF (-all), and DKIM signing. - Add MTA-STS and website security headers.
- Document your WISP and run recurring security awareness training before filing season.
Protect your firm and your clients. Run a free Instant Cybersecurity Audit at audit.emailmenow.com/?industry=cpa-firms.
Contact EmailMeNow IT Consulting for help with your IRS-ready written security plan and email hardening.
Source & methodology: Overall compliance scores from the free scan at audit.emailmenow.com — each domain checked for email authentication (SPF, DKIM, DMARC), transport security (MTA-STS/TLS), website security headers, and network security. Re-run any domain at the link to verify.